16 Billion Passwords Leaked from Major Tech Platforms, Including Apple and Google

Security researchers have uncovered one of the largest data breaches in history, involving 16 billion login credentials across 30 distinct datasets.

This leak—primarily sourced from infostealer malware—exposes credentials for major platforms including Apple, Facebook, Google, GitHub, Telegram, and government services.

The data is fresh and highly structured, differing from recycled breaches, and creates a “blueprint for mass exploitation,” enabling phishing, identity theft, and account takeovers.

Technical Breakdown of the Breach

Researchers at Cybernews identified 30 datasets exposed via unsecured Elasticsearch instances and cloud storage since January 2025.

Key characteristics include:

Dataset Feature	Details
Total Records	16 billion
Dataset Size Range	Tens of millions to 3.5 billion records per dataset
Data Freshness	Newly harvested (not recycled from past breaches)
Primary Source	Infostealer malware (e.g., AgentTesla, Lumma, Vidar)
Structure	URL + username/email + password format
Notable Datasets	3.5B records (Portuguese-speaking), 455M (Russian-linked), 60M (Telegram)

Only one dataset (184 million records) had been previously reported; the remaining 29 were newly discovered.

The data’s recency and organization make it “weaponizable intelligence at scale,” with tokens and metadata amplifying risks for organizations lacking multi-factor authentication.

Global Implications and Mitigation

This breach fuels unprecedented cyber risks:

• Credential stuffing: Attackers use leaked credentials to hijack accounts across services.
• Phishing escalation: AI tools (e.g., deepfakes) leverage stolen data for targeted scams.
• Ransomware pathways: 54% of ransomware victims had credentials in infostealer logs.

Critical steps for protection:

1. Immediate password reset for high-value accounts (email, banking, social media).
2. Adopt passkeys or password managers to generate unique credentials.
3. Enable multi-factor authentication universally to block unauthorized access.

The scale of this breach—equivalent to two credentials per person alive—underscores the critical need for enhanced credential hygiene and corporate security overhauls.

As infostealer malware surges (tripling in 2023–2024), proactive defense is non-negotiable.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates

The post 16 Billion Passwords Leaked from Major Tech Platforms, Including Apple and Google appeared first on Cyber Security News.